On 2015-06-04 03:56:35, John Johansen wrote:
> allow specifying the change_profile keyword
> 
>   change_profile,
> 
> to grant all permissions change_profile permissions
> 
> Signed-off-by: John Johansen <[email protected]>

Acked-by: Tyler Hicks <[email protected]>

> ---
>  parser/parser_lex.l                                 |  2 +-
>  parser/parser_yacc.y                                | 14 ++++++++++++++
>  parser/tst/equality.sh                              |  4 ++++
>  parser/tst/simple_tests/change_profile/bare_ok_1.sd |  7 +++++++
>  4 files changed, 26 insertions(+), 1 deletion(-)
>  create mode 100644 parser/tst/simple_tests/change_profile/bare_ok_1.sd
> 
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index 0456843..286d9a2 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -612,7 +612,7 @@ LT_EQUAL  <=
>       PUSH_AND_RETURN(state, token);
>  }
>  
> -<INITIAL,NETWORK_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
> +<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
>       {END_OF_RULE}   {
>               if (YY_START != INITIAL)
>                       POP_NODUMP();
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index 3ebaed4..ce57153 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -1481,6 +1481,20 @@ file_mode: TOK_MODE
>               free($1);
>       }
>  
> +change_profile: TOK_CHANGE_PROFILE TOK_END_OF_RULE
> +     {
> +             struct cod_entry *entry;
> +             char *rule = strdup("**");
> +             if (!rule)
> +                     yyerror(_("Memory allocation error."));
> +             PDEBUG("Matched change_profile,\n");
> +             entry = new_entry(NULL, rule, AA_CHANGE_PROFILE, NULL);
> +             if (!entry)
> +                     yyerror(_("Memory allocation error."));
> +             PDEBUG("change_profile,\n");
> +             $$ = entry;
> +     };
> +
>  change_profile:      TOK_CHANGE_PROFILE TOK_ARROW TOK_ID TOK_END_OF_RULE
>       {
>               struct cod_entry *entry;
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index 89a048e..700ac8b 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -458,6 +458,10 @@ verify_binary_equality "Deny of ungranted perm" \
>                      "/t { /foo/[abc] r, }"
>  
>  
> +verify_binary_equality "change_profile == change_profile -> **" \
> +                    "/t { change_profile, }" \
> +                    "/t { change_profile -> **, }"
> +
>  if [ $fails -ne 0 -o $errors -ne 0 ]
>  then
>       printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
> diff --git a/parser/tst/simple_tests/change_profile/bare_ok_1.sd 
> b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
> new file mode 100644
> index 0000000..3ea58d2
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile,
> +}
> -- 
> 2.1.4
> 
> 
> -- 
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/apparmor

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to